Cybercriminals and Amazon Prime Day 2021: Here’s What You Need To Know

essidsolutions

The Amazon Prime Day 2021 is almost here, a month earlier this time. Cybercriminals have ramped up the infrastructure to target shoppers with phishing scams to harvest credentials and personal, financial information. Here’s what you need to know.

As the mid-year shopping frenzy known as the Amazon Prime Day inches closer, users need to be wary of the threats they’re up against when shopping online. The reason? As is the tradition among threat actors around the shopping and holiday season, researchers at Check Point Software Technologies confirmed the increase in malicious domains by attackers phishing for victims on Amazon, the largest e-commerce platform in the world.

Amazon is one of the favorite brands for phishers and scammers according to cloud cybersecurity vendor Mimecast. The multinational retailer has a presence across 14 of the 20 biggest world economiesOpens a new window . In total, Amazon has 200 million Prime membersOpens a new window and operates its e-commerce business in over 200 countries. For comparison, it had a presence in 58 countries in 2018Opens a new window .

So it is not all that surprising that cybercriminals are attracted to the growth on Amazon, a site visited 2.56 billion timesOpens a new window by its users in May 2021. And that’s just for Amazon.com. The company also operates multiple other domains across the world, all of which also contribute to the overall traffic. As a result, Amazon is the fifth most imitated brand, which is leveraged for 5% of all global phishing attemptsOpens a new window by cybercriminals as of April 2021.

This year Amazon is going ahead with Prime Day in select 20 countries and has also pushed it up by a month. Usually, Prime Day is held in July, the exception being 2020, wherein it was postponed to October owing to the COVID-19 pandemic. Prime Day will be held next week in the US, the UK, the UAE, Turkey, Spain, Singapore, Saudi Arabia, Portugal, Netherlands, Mexico, Luxembourg, Japan, Italy, Germany, France, China, Brazil, Belgium, Austria, and Australia.

“Criminals know that consumers will be looking for deals and will be receiving more packages than any other time of the year. These criminals use this to trick people into making purchases on shady websites and falling for phishing emails that focus on missed deliveries and canceled orders,” Jacqueline JayneOpens a new window , KnowBe4’s APAC Security Awareness Advocate told a news Australia’s Ragtrader magazineOpens a new window .

As such, Check Point estimates that 2,303 new domains that mimicked various Amazon sites popped up in recent weeks in the run-up to Amazon Prime Day on June 21 and 22. This is a 10% rise from the previous year’s Prime Day when the site raked in sales of $10.4 billionOpens a new window , a 45.25% rise from 2019 Prime Day. With digital spending on e-commerce on the rise, this number is expected by marketers to go nowhere but up.

Matthew GardinerOpens a new window , Principal Security Strategist at Mimecast says cybercriminals have a long history of leveraging holidays, global events, pandemics, as well as major company promotions to “goose their money-making schemes.”

“They love to glide in the slipstream that others create,” he said.

Check Point also discovered that nearly half (46%) of these new domains which contain the word ‘Amazon’ are malicious, while a third (32%) raise suspicion.

See Also: Prime Day Starts on June 21st: 7 Ways Retailers Can Make the Most of It

Phishing

What is Phishing?

According to Phishing.org, phishing is a cybercrime wherein a malicious actor impersonates a legitimate person or an institution to lure an individual into divulging personal or sensitive data that may be used to carry out fraud, financial fraud, identity theft, and other such activities. Victims are usually targeted via emails, calls, or even text messages for data such as personally identifiable information, banking information, credit card details, passwords, etc.

Phishing is one of the oldest online defrauding activities, which was leveraged by cybercriminals in 30% of all data breaches in 2019, according to the 2020 Verizon Data Breach Investigation ReportOpens a new window . Phishing attacks have become sophisticated in recent years, most of which involve some degree of social engineering.

Basically, the attacker aims to extract information from their target, for which it develops websites that appear genuine on the outside. These sites, which usually mimic famous websites, or websites that the attacker knows their target is a regular user of, contain a form wherein the target is prompted to enter information, usually credentials.

The FTC states that phishing emails and text messages often tell a bogus story to manipulate a target into clicking on a link or opening an attachment by claiming that there’s:

  • Suspicious activity or log-in attempts
  • A problem with your account or your payment information
  • A need for the confirmation of personal information
  • An opening for the registration of a government scheme
  • A coupon offer, and others

Check Point explained, “A phisher may use public resources, especially social networks, to collect background information about the personal and work experience of their victim. These sources are used to gather information such as the potential victim’s name, job title, and email address, as well as interests and activities. The phisher can then use this information to create a reliable fake message.”

But there are subtle differences between a genuine website and a fake, malicious one which is discussed ahead.

Prime Day Phishing

Check Point disclosed two recent attempts gearing up to target Amazon users, one of which was carried over email. The email is seemingly from Amazon customer service. A closer look at the sender’s email ID reveals that the mail is in fact malicious.

The sender ID in question is admin@fuseiseikyu-hl[.]jp and the screenshot of the email body is given below:

Opens a new window

Amazon Prime Day Phishing Email | Source: Check Point

Clicking the ‘Verify Amazon Button’ redirects to an inactive link (http://www[.]betoncire[.]es/updating/32080592480922000), which will probably be activated sometime later. One thing to note here is that the domain of the sender ID is from Japan while the link is from a domain registered in Spain.

A quick check on malware aggregator site VirusTotalOpens a new window gave the above domain a clean chit and a 404 error. A 404 error is a ‘file not found’ error, which means the domain may very well be malicious, just not available at this point in time.

Another fraudulent page Check Point came across of the 2300+ domains is amazon[.]update-prime[.]pop2[.]live.

Opens a new window

Amazon Prime Day Phishing Site | Source: Check Point

As evident from the image, this page is designed to harvest credentials, which may be used in credential stuffing attacks on other websites.

Phishing in general yields low results however the intention of attackers is to generate volume, which Amazon offers, especially on Prime Day.

See Also: How To Thwart Phishing Attempts for the Electric Utility Industry

How to Mitigate the Threat from Prime Day Phishing?

Phishing emails are quite discernible from genuine emails, but if they aren’t there are other ways to spot the malice. The email may contain every element of an Amazon login page, so here’s how to spot them:

  • Urgency: Phishers create a sense of urgency in how they draft the email. Never panic click a link or an attachment
  • Scare Tactics: Phishers usually use scare tactics by proclaiming negative consequences unless a particular action such as credential update, or some information is given
  • Grammar: A hallmark of malice is bad grammar and misspellings. So look for misspelled words
  • Domain: Always check for the sender ID. Besides words, the sender domain may be misspelled and resemble that of Amazon (or any other site). Keep an eye out for both the domain name as well as the domain extension
  • Social Media: Watch what you share on social media. You may inadvertently become a target
  • Receivers: Check if you’re the only one that received the email, or if you are among a mix of people that you don’t know. Either way, it can be a red flag
  • Hyperlinks: Hover or drag (but DO NOT click) hyperlinked text to see if the link is for a legitimate Amazon site
  • Attachments: Were you expecting the attachment? Is the attachment an unknown file type? If the answers to the questions are yes, refrain from clicking
  • Time: An email received at an unusual hour should raise suspicions

Closing Up

Since Prime Day is delayed for India and other countries to later in 2021, the attack surface this year is smaller. But that does not mean attackers are scaling down. In fact, as data indicates, there are 2,303 malicious domains this year, maybe more undetected ones, as opposed to 2,137 in 2020.

So expect an email or two and if or when they come, get in touch with Amazon customer support immediately.

Let us know if you liked this news on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!

Contact ESSID Solutions

    By clicking Send Message, you agree to our Terms of Use and Privacy Policy.

    Reach out to us for a free consultation on big data consultancy and development services.

    Contact

    Rua Alexandre de Sa Pinto 143
    1300-034 Lisbon
    Portugal

    [email protected] +351927159955
    Privacy Policy Terms of Service Refund and Returns Policy

    © 2024 ESSID SOLUTIONS LDA